<!DOCTYPE html>
<html>
    <head>
    <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'nonce-abc' 'sha256-sc3CeiHrlck5tH2tTC4MnBYFnI9D5zp8f9odqnmGQjE='; connect-src 'self';">
    <title>script-hash allowed from default-src</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script nonce='abc'>
        setup({ single_test: true });
        window.addEventListener('securitypolicyviolation', function(e) {
            assert_unreached("Should not have fired event");
        });
    </script>

    <script>done();</script>
    </head>

    <body>
    <div id="log"></div>
    </body>
</html>
